System and a method for management of confidential data

Abstract

A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This is a national stage filing in accordance with 35 U.S.C. § 371 of PCT / EP2014 / 072491, filed Oct. 21, 2014, which claims the benefit of the priority of European Patent Application No. 13190481.5, filed Oct. 28, 2013, the contents of each are incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention relates to a system and a method for managing confidential data in a cloud service in a secure manner, i.e. in a manner which to the greatest possible extent guarantees the confidentiality of the data.BACKGROUND OF THE INVENTION[0003]It is sometimes desirable to store data files, or to provide other kinds of data, remotely from a local system or a closed local environment, e.g. in order to be able to access the data from various location and / or using various devices, and / or in order to be able to share the data among two or more users. To this end cloud services, such as Dropbox®, Google® Drive, SkyDrive®, Amazon® S3,...

AI Technical Summary

Benefits of technology

This approach enhances data confidentiality by distributing trust among multiple key servers, preventing a single point of attack and maintaining high performance through symmetric encryption, while ensuring secure encryption and decryption processes.

Problems solved by technology

Common to these cloud services is that they are untrusted services which are arranged in the cloud.

One problem with the traditional cloud services is that users must trust that the data that they store in the cloud service remains confidential, e.g., that the data stored in the cloud service is not misused due to the cloud service being compromised by hackers, due to corrupted cloud service administrators, or due to legal enforcements in the country where the cloud service is hosted.

Thereby there is a risk that a malicious attack is performed on the single point of trust, thereby gaining access to the encryption / decryption keys.

Accordingly, the central key generator constitutes a single point of trust, which may potentially be attacked, leading to a breach of confidentiality.

Images